The more serious of the flaws (CVE-2016-1464), rated critical, could grant an unauthenticated attacker the ability to remotely execute arbitrary code by convincing a victim to open a file with vulnerable software.

Another vulnerability found by Francis Provencher, security researcher and founder of the Canadian government agency COSIG, classified as medium, could allow an unauthenticated attacker to remotely crash the WebEx Meetings Player by getting the victim to open a malicious file.

Both vulnerabilities found by Provencher affect Cisco WebEx Meetings Player version T29.10 for WRF files. Cisco released updates to address the bugs, but no workarounds are available.

Cisco also published advisories describing five different vulnerabilities affecting Small Business series switches and IP phones. Four of the issues were reported to Cisco by Nicolas Collignon and Renaud Dubourguais of Synacktiv, and one by security researcher Chris Watts.

They discovered that Cisco Small Business 220 Series Smart Plus (Sx220) switches suffer from a flaw that allows a remote, unauthenticated attacker to gain access to Simple Network Management Protocol (SNMP) objects on vulnerable devices. The security hole (CVE-2016-1473), classified as “critical,” is the result of a default SNMP community string that cannot be removed.

Another advisory (CVE-2016-1469) details a high-severity denial-of-service (DoS) vulnerability affecting Small Business IP phones: SPA300, SPA500 and SPA51x models.

Due to incorrect handling of malformed HTTP traffic, the phones can enter a DoS condition if a remote attacker sends them specially crafted requests.